David Kaplan Also, conclusion is kind of weird: I used *correct* terminology introduced by platform vendor, binarly used they own *wrong* terminology to make loud PR claims and headlines, but... both parties are right?! I'm sorry, but there's a clear logical contradiction here

Bootkitting Windows Sandbox by Duncan Ogilvie 🍍 Dylan Goods secret.club/2022/08/29/boo…

@jckarter System Management Mode code also has its own protection rings 0 and 3 same as non-SMM code. I wonder how do we call CPL=0 mode of System Management Mode then, ring -2*2?

Every single time > Found some cool vintage streamer or MO drive > Damn, it has external SCSI interface > Learning about all sort of cables and adapters > The ones I need costs x5 more than drive itself > Fuck this shit

Amount of fucks given: don't even planning to look into this recent Intel Alder Lake massive leak. Firmware security is boring 😒

Periodic reminder: you don't have to buy skid's crap to get access to #UEFI firmware implant technology. You can download my FOSS & battle-tested UEFI boot backdoor for free, it has much more use-cases and deployment options than #BlackLotus github.com/Cr4sh/s6_pcie_…

Psssst: someone, please tell Elmo that it’s possible to shutdown even more servers by removing all recommended & suggested tweets of random people from the feed, maybe it will work

Our survey of SGX attacks is out! Come learn about how SGX fails in real life. Check out our website sgx.fail including attacks on Secret Network and CyberLink PowerDVD.

By "AI ethics" people really mean a "censorship". AI's that reflect how people really thing are "dangerous", and instead, they try to construct AIs according how people should think instead.

The UEFI Forum started to publish mapping of DBX entries and CVEs since last October. That helps IT pros and security software understand which threats are blocked or not significantly. Great improvement. uefi.org/revocationlist…

* LTESniffer: An Open-source LTE Downlink/Uplink Eavesdropper * We open-source LTESniffer, accepted at ACM WiSec '23. LTESniffer supports: Real-time decoding of + Downlink traffic from the base station. + Uplink traffic from nearby users. github.com/SysSec-KAIST/L…

Disk encryption is critical in securing your data when you lose your device or an attacker gets physical access. But we found that if you don't use a BitLocker passphrase on an AMD system (before Windows even comes up), your data is not adequately secured: arxiv.org/abs/2304.14717

What I’ve been working on: intel.com/content/www/us…

Just published a blog post about the bug I found on EDK2. TL.DR. the bug is not outstanding, but the limited primitive it offers is a nice excuse to play with exploitation techniques in SMM. :) blog.quarkslab.com/for-science-us…

It seems that Twitter is dead and gone 😐 I've put a link to my fediverse account in my bio just for sure

Ha, didn't even know that I got CVE number for HP bugloader discovered few years ago. Original advisory doesn’t have any credits, I guess they didn't liked my typical twitter-disclosure lol: support.hpe.com/hpesc/public/d…

We are excited to announce the launch of our latest project: Bootloaders.io. The inception of this project was sparked by the emergence of the BlackLotus bootkit. Bootloaders/kits - a subject I had never delved into before. My explorations into bootloaders and bootkits

stacksmashing Pwnie Awards Ramtin Amin did exactly the same work and achieved exactly the same results in 2016-2017, many people been able to replicate this work. What’s the innovation here?